Lucene search
K

496 matches found

EUVD
EUVD
added last week5 views

EUVD-2026-42251

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...

6.5CVSS6.5AI score0.0033EPSS
Exploits0References2
CVE
CVE
added last week12 views

CVE-2026-54061

Dgraph Alpha before version 25.3.5 exposes the RPCs for external snapshot import on the public gRPC port :9080 without authentication or authorization, allowing an unauthenticated network client to open StreamExtSnapshot and stream Badger data to the target group’s store. The receiver invokes Pre...

9.1CVSS5.9AI score0.00388EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 10:43 p.m.5 views

GHSA-QVQC-4C52-X6QP regclient may leak authentication credentials to external blob stores

Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs. Example attack A malicious registry serves an OCI image...

6.8CVSS5.7AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/22 12:45 p.m.35 views

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries

Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal install...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36796

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS5.6AI score0.00254EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2026-47835

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 6:54 p.m.31 views

CVE-2026-47835

In Spring AI Vector Stores, the vulnerability arises from improper handling of special characters that could lead to arbitrary query execution in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components are spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfi...

8.6CVSS5.6AI score0.00254EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 6:54 p.m.9 views

CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS5.7AI score0.00254EPSS
Exploits0References1
HackRead
HackRead
added 2026/06/15 10:2 a.m.15 views

Over 50 Android Apps Found Spreading MagicAd Trojan via Official Stores

Over 50 Android apps on official stores spread MagicAd trojan, using system tricks to force background ads even after infected apps are closed...

5.3AI score
Exploits0
Snyk
Snyk
added 2026/06/12 12:0 a.m.11 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via insufficient neutralization of special characters in the query construction. An attacker can execute arbitrary queries against Elasticsearch, OpenSearch, or GemFire...

8.8CVSS5.7AI score0.00254EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/12 12:0 a.m.14 views

cve-2026-47835 - HIGH - Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

cve-2026-47835 - HIGH - Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores...

8.6CVSS6.1AI score0.00254EPSS
Exploits0
Snyk
Snyk
added 2026/06/11 12:0 a.m.7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 4:25 p.m.10 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing affected by a race condition in Eclipse Jersey (CVE-2025-12383)

Summary A critical race condition CVE-2025-12383 has been identified in the Eclipse Jersey client library jersey-client-2.26.jar used by IBM Engineering Lifecycle Optimization - Engineering Publishing. Under high-concurrency conditions, a flaw in the HTTPS client's lazy initialization flow can...

9.4CVSS7.5AI score0.00277EPSS
Exploits0Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.10 views

FreeBSD Security Advisory - FreeBSD-SA-26:31.arm64

FreeBSD Security Advisory - Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store...

9.1CVSS5.4AI score0.0053EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-44337

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names...

6.3CVSS5.6AI score0.00216EPSS
Exploits1References1
Redos
Redos
added 2026/05/29 12:0 a.m.14 views

ROS-20260529-73-0019

The vulnerability of the software for interacting with servers via CURL is related to the storage of dangerous files. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...

6.5CVSS7.3AI score0.04313EPSS
Exploits1
EUVD
EUVD
added 2026/05/26 2:38 p.m.23 views

EUVD-2026-31846

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

5.8AI score0.0049EPSS
Exploits3References1
CVE
CVE
added 2026/05/26 2:38 p.m.23 views

CVE-2026-40564

The CVE concerns Apache Flink Kubernetes Operator where FlinkSessionJob.jarURI is not validated. In versions 1.3.0 through 1.14.x (up to 1.15.0), a user with CR create permissions can cause the operator pod to fetch arbitrary URLs or access the pod’s filesystem via the jarURI, enabling SSRF and l...

6.5CVSS5.8AI score0.0049EPSS
Exploits3References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nouveau: fixed a race condition related to ptr storage operations. When running many VK CTS tests in parallel against nouveau, every few hours, you might encounter a crash like this. BUG: Kernel NULL pointer dereference, address:...

5.5CVSS6.3AI score0.00202EPSS
Exploits0References2
Securelist
Securelist
added 2026/05/06 9:30 a.m.7 views

Websites with an undefined trust level: avoiding the trap

Executive summary A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosin...

5.5AI score
Exploits0
Rows per page
Query Builder